Encryption Metadata Serialization
Each repository implementation class leverages standard cipher operations to perform encryption and decryption. In order to support AES, the encryption process writes metadata associated with each encryption operation. Encryption protocol version 1 uses Java Object serialization to write objects containing the encryption Key Identifier, the cipher Initialization Vector, and other required properties. Serialized objects include the following required properties:
| Property Name | Property Type | Description |
|---|---|---|
|
keyId |
String |
Encryption key identifier |
|
ivBytes |
byte[] |
Cipher initialization vector |
|
algorithm |
String |
Cipher algorithm |
|
version |
String |
Encryption protocol version |
|
cipherByteLength |
int |
Length of enciphered record |
Metadata serialization uses the standard java.io.ObjectOutputStream.writeObject() method to write objects to a stream that can be converted to a byte array. The deserialization process uses a custom extension of the java.io.ObjectInputStream to read objects regardless of the original class name associated with the record. This approach requires the presence of the standard metadata properties, but provides a compatibility layer that avoids linking the implementation to a specific Java class.
The initial implementation of encrypted repositories used different byte array markers when writing metadata. Each repository implementation uses the following byte array markers before writing a serialized metadata record:
| Repository Type | Byte Array |
|---|---|
|
Content Repository |
byte[]{0x00, 0x00} |
|
FlowFile Repository |
byte[]{} |
|
Provenance Repository |
byte[]{0x01} |
